In a ruling issued this morning, the Federal Trade Commission found that LabMD, the defunct Atlanta-based cancer detection lab, failed to protect patient information and is liable for unfair data security practices. The Commission’s ruling reverses an Initial Decision by an administrative law judge (ALJ) that had dismissed the FTC charges against LabMD.

Writing for the three-member Commission, Chairwomen Edith Ramirez concluded that the ALJ applied the wrong legal standard for “unfairness” under Section 5 of the FTC Act and that LabMD’s security practices “were unreasonable, lacking even basic precautions to protect the sensitive consumer information maintained on its computer system.”